<div dir="ltr">Hello, Eliezer,<div><br></div><div>I reproduced the issue in the test environment.</div><div>I configured my squid with the debug_options: <font face="monospace">ALL,1 28,9</font> </div><div>and ran the test curl from the same proxy host:</div><div><font face="monospace"> curl -m 4 -k --tlsv1.2 --proxy-user 'user:pass' -s -o /dev/null -w "%{http_code}" --proxy localhost:3131 <a href="https://archive.org">https://archive.org</a></font><br></div><div><br></div><div>The client got the 200-response and it works fine.</div><div><br></div><div>In the access.log the corresponding records are:</div><div><font face="monospace"> 2023-06-22 10:59:58| 747 127.0.0.1 NONE_NONE/200/- 0 CONNECT <a href="http://archive.org:443">archive.org:443</a> - HIER_DIRECT/<a href="http://archive.org">archive.org</a> - - - -<br> 2023-06-22 10:59:58| 201 127.0.0.1 TCP_MISS/200/200 3833 GET <a href="https://archive.org/">https://archive.org/</a> - HIER_DIRECT/<a href="http://archive.org">archive.org</a> text/html - - -</font><br></div><div><br></div><div>The cache.log is available at the link: <a href="https://drive.google.com/file/d/12xQch5nHAzijAh4PxZV4mZzjviYX7l7B/view?usp=sharing">https://drive.google.com/file/d/12xQch5nHAzijAh4PxZV4mZzjviYX7l7B/view?usp=sharing</a></div><div>There are three warnings there:</div><div><font face="monospace"> grep WARN /tmp/acl.log</font></div><div><font face="monospace"> 2023/06/22 10:59:57.875 kid6| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.<br></font></div><div><font face="monospace"> 2023/06/22 10:59:57.884 kid6| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.<br> 2023/06/22 10:59:58.536 kid6| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.</font><br></div><div><br></div><div>The domdst_SIProxy ACL is used only to change the outgoing address for specific domains:</div><div><span style="font-family:monospace"> acl domdst_SIProxy dstdomain "/data/squid.user/etc/squid/categories/domdst_SIProxy"</span><br></div><div><font face="monospace"> tcp_outgoing_address 10.72.235.184 domdst_SIProxy</font><br></div><div>The test URL <a href="https://archive.org">https://archive.org</a> is not in the domdst_SIProxy list.</div><div><br></div><div>Squid is configured with an SSL-Bump feature, if it matters.</div><div><br></div><div>I think we could ignore these warnings as squid works perfectly, but maybe there is a workaround to suppress logs flooding?</div><div><br></div><div>Kind regards,</div><div> Ankor.</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">пн, 12 июн. 2023 г. в 10:54, <<a href="mailto:ngtech1ltd@gmail.com">ngtech1ltd@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hey Ankor,<br>
<br>
There is some missing context so I would be able to reproduce this issue.<br>
Is this some kind of CONNECT request?<br>
<br>
If you can describe in more technical details the setup and what client are you using,<br>
Maybe couple sanitized log lines it would help to understand better the scenario.<br>
<br>
Eliezer<br>
<br>
From: squid-users <<a href="mailto:squid-users-bounces@lists.squid-cache.org" target="_blank">squid-users-bounces@lists.squid-cache.org</a>> On Behalf Of Andrey K<br>
Sent: Friday, June 9, 2023 10:03<br>
To: Squid Users <<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a>>; Amos Jeffries <<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>><br>
Subject: [squid-users] Using tcp_outgoing_address with ACL<br>
<br>
Hello, <br>
<br>
We use the tcp_outgoing_address feature to access some hosts using a dedicated source IP address.<br>
<br>
acl domdst_SIProxy dstdomain "/data/squid.user/etc/squid/categories/domdst_SIProxy"<br>
tcp_outgoing_address 10.72.235.129 domdst_SIProxy<br>
<br>
It works fine, but logs are flooded with warnings like this:<br>
2023/06/09 08:30:07 kid2| WARNING: domdst_SIProxy ACL is used in context without an HTTP request. Assuming mismatch.<br>
<br>
I found a similar case: <a href="http://lists.squid-cache.org/pipermail/squid-users/2015-January/001629.html" rel="noreferrer" target="_blank">http://lists.squid-cache.org/pipermail/squid-users/2015-January/001629.html</a> where Amos suggested using a patch as a solution.<br>
We have Squid Version 5.5. Is there a similar patch for our version, or can we just ignore these messages?<br>
<br>
Kind regards,<br>
Ankor.<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>